Add test coverage for form-encoded OAuth token endpoint

## Context

The OAuth token endpoint at `/api/v2/spp/oauth/token` supports three request formats:
1. HTTP Basic Auth header
2. `application/x-www-form-urlencoded` POST body
3. JSON POST body (non-standard, backwards compatibility)

However, the test suite (`spp_api_v2/tests/test_oauth.py`) only covers JSON requests.

## What's Missing

Tests for:
- [ ] `application/x-www-form-urlencoded` body with `grant_type`, `client_id`, `client_secret`
- [ ] HTTP Basic Auth header with `Authorization: Basic base64(client_id:client_secret)`
- [ ] Mixed credentials (Basic Auth header + form body override)
- [ ] Edge cases: form-encoded without Content-Type header, malformed base64

## Why This Matters

- RFC 6749 compliance: form-encoded is the standard format. QGIS and other OAuth2 clients use it.
- The form-encoded code path is untested and could have regressions without anyone noticing.
- Tracked as part of OpenSPP/QGIS-openspp OAuth2 migration blockers.

## Location

- Endpoint: `spp_api_v2/routers/oauth.py` lines 42-94 (`_parse_token_request`)
- Tests: `spp_api_v2/tests/test_oauth.py`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add test coverage for form-encoded OAuth token endpoint #73

Context

What's Missing

Why This Matters

Location

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add test coverage for form-encoded OAuth token endpoint #73

Description

Context

What's Missing

Why This Matters

Location

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions